Claim 1 (currently amended):

A method for allowing an Internet or intranet browser user to conveniently transfer 
directly to a domain that is participating in an e-community without repetitious and 
redundant authentication actions, said e-community comprising a plurality of affiliated
domain servers, said user being properly registered and authenticated to a home domain 
server within said e-community, said method comprising the steps of: 

automatically enrolling said user at [[an]] at a group of affiliated domain
domains within said e-community through exchange of a single home domain identity
cookie shared among said plurality of affiliated domains with enrollment request and an
affiliated domain identity cookie with enrollment response success indicator between said
home domain server and an affiliated domain server by:

(a) defining a minimal group of affiliated domains for automatic enrollment
corresponding to a condition selected from the group of user's home
domain, and a common set of domains required by all users participating
in a given e-community;
(b) providing a single-sign-on plug-in to said home domain and to each of
said affiliated e-community domains;
(c) responsive to a user activating a group enrollment functionality,
redirecting a user's browser from one domain to another according to a
e-community domain members list until each domain within said
e-community has been visited once, said redirection being performed by
said user's home domain according to a star topology during which said
home domain determines and reports the status of each enrollment attempt
across said e-community, and wherein each affiliated domain within said
e-community provides an enrollment page with resources required to
trigger enrollment functionality;
(d) upon redirection to a first affiliated e-community domain during step (b):
    (i) said home domain single-sign-on plug-in building a home
    identity cookie having an extensible data area and an
    enrollment token for the user;
    (ii) redirecting said home identity cookie and enrollment token
    to said first e-community domain via said user's web
    browser;
    (iii) unpacking said enrollment token in said home identity
    cookie by said single-sign-on plug-in at said first affiliated
    domain;
    (iv) building an affiliated domain identity cookie for said user
    by said first affiliated domain single-sign-on plug-in
    including an "enrollment successful" indicator;
    (v) redirecting said affiliated domain identity cookie to said
    home domain via said user's web browser;
    (vi) upon receipt of said enrollment successful indicator,
    modifying said home identity cookie to include an
    "enrollment successful at first affiliated domain" symbol in
    said extensible data area; and
    (vii) returning said modified home identity cookie to said user's
    web browser for storage in persistent memory;
(e) upon redirection to additional domains affiliated in said e-community
subsequent to redirection to said first affiliated domain, repeating said
steps of (d)(ii) through (d)(vii) wherein each step performed by said first
affiliated domain is alternatively performed by said single-sign-on plug-in
at each additional affiliated domain, thereby building up and accumulating
"enrollment success" symbols in said extensible data area of said single,
shared home domain identity cookie upon successful enrollment at each
additional affiliated domain within said e-community;

when said user's browser is pointed at a given affiliated domain server subsequent
to completion of said building of said home domain identity cookie having a plurality of
enrollment success symbols, vouching for the identity of the user through exchange of a
vouch-for request and vouch-for response between said home domain server and [[an]]
said given affiliated domain server; and

building a local session at said given affiliated domain for said user using
[[said]] a protected resource of said given affiliated domain responsive to receipt of said
vouch-for response, and

transmitting an e-community cookie from said affiliated domain server
to said browser recording successful authentication of said user into said
affiliated domain.

Claim 2 (currently amended): 

The method as set forth in Claim 1 wherein said step of enrolling the user at 
an affiliated domain comprises the steps of:

transmitting a home domain identity cookie and enrollment request
by said home domain server to a user's browser where it may be stored;

redirecting said enrollment request to an affiliated domain server;

transmitting an affiliated domain identity cookie with an enrollment
response including an enrollment success indicator from said affiliated domain
server to said user's browser;

redirecting said enrollment response with enrollment success indicator
to said home domain server where it may be stored;

updating a set of user information at said modifying said home domain identity
cookie to record include an enrollment success symbol comprises at said affiliated
domain server such that there is a creating a server-maintained persistent record of the
user's enrollment at said affiliated domain; and

modifying said home domain identity cookie to record enrollment success at said
affiliated domain server such that there is a user-maintained persistent record of the user's
enrollment so that the user may access and use resources associated with the affiliated
domain server.

Claim 3 (currently amended):

The method as set forth Claim [[2]] 1 wherein said step of redirecting said
enrollment request comprises performing a hyper text transfer protocol 
redirection operation. 

Claim 4 (currently amended): 

The method as set forth Claim [[2]] 1 wherein said step of redirecting said 
enrollment success indicator to said home domain server comprises 
performing a hyper text transfer protocol redirection operation. 

Claim 5 (canceled). 

Claim 6 (original): 

The method as set forth in Claim 1 wherein said step of vouching for the 
identity of the user comprises the steps of: 

transferring said affiliated domain identity cookie with access request 
for a protected resource from said user's browser to said affiliated domain 
server; 

extracting the user's home domain identity from the affiliated domain 
identity cookie in order to determine where to send a vouch-for request; 

sending a vouch-for request from said affiliated domain server to 
said home domain server via the user's browser using redirection; and 

returning a vouch-for response to said affiliated domain server from 
said home domain server via the user's browser using redirection. 

Claim 7 (original): 

The method as set forth in Claim 6 wherein said step of sending a vouch-for 
request from said affiliated domain server to said home domain comprises the 
step of determining the user's home domain server by evaluation of the user's 
affiliated domain identity cookie. 

Claim 8 (original):

The method as set forth in Claim 6 wherein said step of sending a vouch-for 
request from said affiliated domain server to said home domain server 
comprises performing a hyper text transfer protocol redirection operation. 

Claim 9 (original): 

The method as set forth in Claim 6 wherein said step of returning a vouch-for 
response to said affiliated domain server from said home domain server 
comprises performing a hyper text transfer protocol redirection operation. 

Claim 10 (original):

A computer readable medium encoded with software for allowing an Internet 
or intranet browser user to conveniently transfer directly to a domain that is participating 
in an e-community without repetitious and redundant authentication actions, said
e-community comprising a plurality of affiliated domain servers, said user being
properly registered and authenticated to a home domain server within said
e-community, said software performing causing a processor to perform the steps of: 

automatically enrolling said user at [[an]] at a group of affiliated domain
domains within said e-community through exchange of a single home domain identity
cookie shared among said plurality of affiliated domains with enrollment request and an
affiliated domain identity cookie with enrollment response success indicator between said
home domain server and an affiliated domain server by:

(a) defining a minimal group of affiliated domains for automatic enrollment
corresponding to a condition selected from the group of user's home
domain, and a common set of domains required by all users participating
in a given e-community;
(b) providing a single-sign-on plug-in to said home domain and to each of
said affiliated e-community domains;
(c) responsive to a user activating a group enrollment functionality,
redirecting a user's browser from one domain to another according to a
e-community domain members list until each domain within said
e-community has been visited once, said redirection being performed by
said user's home domain according to a star topology during which said
home domain determines and reports the status of each enrollment attempt
across said e-community, and wherein each affiliated domain within said
e-community provides an enrollment page with resources required to
trigger enrollment functionality;
(d) upon redirection to a first affiliated e-community domain during step (b):
    (i) said home domain single-sign-on plug-in building a home
    identity cookie having an extensible data area and an
    enrollment token for the user;
    (ii) redirecting said home identity cookie and enrollment token
    to said first e-community domain via said user's web
    browser;
    (iii) unpacking said enrollment token in said home identity
    cookie by said single-sign-on plug-in at said first affiliated
    domain;
    (iv) building an affiliated domain identity cookie for said user
    by said first affiliated domain single-sign-on plug-in
    including an "enrollment successful" indicator;
    (v) redirecting said affiliated domain identity cookie to said
    home domain via said user's web browser;
    (vi) upon receipt of said enrollment successful indicator,
    modifying said home identity cookie to include an
    "enrollment successful at first affiliated domain" symbol in
    said extensible data area; and
    (vii) returning said modified home identity cookie to said user's
    web browser for storage in persistent memory;
(e) upon redirection to additional domains affiliated in said e-community
subsequent to redirection to said first affiliated domain, repeating said
steps of (d)(ii) through (d)(vii) wherein each step performed by said first
affiliated domain is alternatively performed by said single-sign-on plug-in
at each additional affiliated domain, thereby building up and accumulating
"enrollment success" symbols in said extensible data area of said single,
shared home domain identity cookie upon successful enrollment at each
additional affiliated domain within said e-community;

when said user's browser is pointed at a given affiliated domain server subsequent
to completion of said building of said home domain identity cookie having a plurality of
enrollment success symbols, vouching for the identity of the user through exchange of a
vouch-for request and vouch-for response between said home domain server and [[an]]
said given affiliated domain server; and

building a local session at said given affiliated domain for said user using
[[said]] a protected resource of said given affiliated domain responsive to receipt of said
vouch-for response; and

transmitting an e-community cookie from said affiliated domain server
to said browser recording successful authentication of said user into said
affiliated domain.

Claim 11 (currently amended):

The computer readable medium as set forth in Claim 10 wherein said software for
enrolling the user at an affiliated domain comprises software for performing the steps of:
step of

transmitting a home domain identity cookie and enrollment request
by said home domain server to a user's browser where it may be stored;

redirecting said enrollment request to an affiliated domain server;

transmitting an affiliated domain identity cookie with an enrollment
response including an enrollment success indicator from said affiliated domain
server to said user's browser;

redirecting said enrollment response with enrollment success indicator
to said home domain server where it may be stored;

updating a set of user information at said modifying said home domain identity
cookie to record include an enrollment success symbol comprises at said affiliated
domain server such that there is a creating a server-maintained persistent record of the
user's enrollment at said affiliated domain. ; and

modifying said home domain identity cookie to record enrollment success at said
affiliated domain server such that there is a user-maintained persistent record of the user's
enrollment so that the user may access and use resources associated with the affiliated
domain server.

Claim 12 (currently amended): 

The computer readable medium as set forth in Claim [[11]] 10 wherein said software for
redirecting said enrollment request comprises software for performing a hyper text 
transfer protocol redirection operation. 

Claim 13 (currently amended): 

The computer readable medium as set forth in Claim [[11]] 10 wherein said software
for redirecting said enrollment success indicator to said home domain server 
comprises software for performing a hyper text transfer protocol redirection 
operation. 

Claim 14 (canceled). 

Claim 15 (original): 

The computer readable medium as set forth in Claim 10 wherein said software 
for vouching for the identity of the user comprises software for performing the 
steps of: 

transferring said affiliated domain identity cookie with access request 
for a protected resource from said user's browser to said affiliated domain 
server; 

extracting the user's home domain identity from the affiliated domain 
identity cookie in order to determine where to send a vouch-for request; 

sending a vouch-for request from said affiliated domain server to 
said home domain server via the user's browser using redirection; and 

returning a vouch-for response to said affiliated domain server from 
said home domain server via the user's browser using redirection. 

Claim 16 (original):

The computer readable medium as set forth in Claim 15 wherein said software for 
sending a vouch-for request from said affiliated domain server to said home domain 
comprises software for determining the user's affiliated domain server by evaluation of 
the user's home domain identity cookie. 

Claim 17 (original): 

The computer readable medium as set forth in Claim 15 wherein said software for 
sending a vouch-for request from said affiliated domain server to said home domain 
server comprises software for performing a hyper text transfer protocol redirection 
operation. 

Claim 18 (original): 

The computer readable medium as set forth in Claim 15 wherein said software 
for returning a vouch-for response to said affiliated domain server from said 
home domain server comprises software for performing a hyper text transfer 
protocol redirection operation. 

Claim 19 (original):

A system for convenient e-community enrollment by an Internet or intranet user using 
cross-domain single-sign-on to a group of affiliated domains that are domain that is
participating in an e-community without repetitious and redundant authentication actions,
said e-community comprising a plurality of affiliated domain servers, said user
being properly registered and authenticated to a home domain server within 
said e-community, said system comprising: 

a single-sign-on plug-in operatively disposed to a home domain server;

a minimal group of affiliated domains defined in a list for automatic enrollment
corresponding to a condition selected from the group of user's home domain, and a
common set of domains required by all users participating in a given e-community, said
list being accessible by said home domain single-sign-on plug-in;

a plurality of single-sign-on plug-ins, each of which is operatively disposed to an
affiliated e-community domain server;

a home domain identity cookie accompanying an enrollment request
receivable by an affiliated domain server having a plurality of enrollment success
symbols in an extensible data area, said symbols being accumulated by passing said
home domain identity cookie by said home domain among said group of affiliated
domains, said passing occurring in a star topology centered upon a user's web browser
by:

(a) responsive to a user activating a group enrollment functionality,
redirecting a user's browser from one domain to another according to a
e-community domain members list until each domain within said
e-community has been visited once, said redirection being performed by
said user's home domain according to a star topology during which said
home domain determines and reports the status of each enrollment attempt
across said e-community, and wherein each affiliated domain within said
e-community provides an enrollment page with resources required to
trigger enrollment functionality;
(b) upon redirection to a first affiliated e-community domain during step (b):
    (i) said home domain single-sign-on plug-in building a home identity
    cookie having an extensible data area and an enrollment token for
    the user;
    (ii) redirecting said home identity cookie and enrollment token to said
    first e-community domain via said user's web browser;
    (iii) unpacking said enrollment token in said home identity cookie by
    said single-sign-on plug-in at said first affiliated domain;
    (iv) building an affiliated domain identity cookie for said user by said
    first affiliated domain single-sign-on plug-in including an
    "enrollment successful" indicator;
    (v) redirecting said affiliated domain identity cookie to said home
    domain via said user's web browser;
    (vi) upon receipt of said enrollment successful indicator, modifying
    said home identity cookie to include an "enrollment successful at
    first affiliated domain" symbol in said extensible data area; and
    (vii) returning said modified home identity cookie to said user's web
    browser for storage in persistent memory;
(c) upon redirection to additional domains affiliated in said e-community
subsequent to redirection to said first affiliated domain, repeating said
steps of (c)(ii) through (vii) wherein each step performed by said first
affiliated domain is alternatively performed by said single-sign-on plug-in
at each additional affiliated domain, thereby building up and accumulating
"enrollment success" symbols in said extensible data area of said single,
shared home domain identity cookie upon successful enrollment at each
additional affiliated domain within said e-community;

an affiliated domain identity cookie accompanying an enrollment
response success indicator receivable by said home domain server;

a vouch-for request receivable by a home domain server transmitted by a
given affiliated domain upon pointing of said user's web browser to said given affiliated
domain; and



Serial No. 10/034,725 Heather Maria Hinton Page 14 of 24 

a vouch-for response receivable by said affiliated domain server transmitted by
said home domain responsive to receipt of said vouch-for request. [[; and]]

an e-community cookie receivable by said browser to record successful
authentication of said user into said affiliated domain for the duration of the
user's session.

Claim 20 (original): 

The system as set forth in Claim 19 further comprising: 

an enrollment request redirector for redirecting said enrollment 
request from said home domain server to an affiliated domain server via 
said browser; 

an enrollment response redirector for redirecting said enrollment 
response with enrollment success indicator to said home domain server from 
said affiliated domain server via said browser; 

a user information manager operable by said home domain adapted to 
record enrollment success at said affiliated domain server such that there is a 
server-maintained persistent record of the user's enrollment; and 

a home domain identity cookie modifier adapted to record enrollment 
success at said affiliated domain server such that there is a client-maintained 
persistent record of the user's enrollment so that the user may access and use 
resources associated with the affiliated domain server. 

Claim 21 (original): 

The system as set forth Claim 20 wherein said enrollment request redirector 
comprises a hyper text transfer protocol command. 

Claim 22 (original): 

The system as set forth Claim 20 wherein said enrollment response redirector 
comprises a hyper text transfer protocol redirection command. 

Claim 23 (canceled).

Claim 24 (original): 

The system as set forth in Claim 19 further comprising an affiliated domain 
identity cookie evaluator for extracting the user's home domain identity from 
said affiliated domain identity cookie in order to determine where to send 
a vouch-for request. 
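
Added illustration, not part of the application: a Python simulation of the star-topology enrollment round trips of Claim 1, steps (d) and (e), and the vouch-for exchange of Claim 6. The HMAC-SHA256 sealing, the `aud` and `nonce` fields, the class names, domain names and keys are all assumptions; the claims do not say how the cookies and tokens are protected.

```python
import hashlib, hmac, json, secrets

def seal(key, payload):  # HMAC-SHA256 tag is an assumed protection, not from the claims
    body = json.dumps(payload, sort_keys=True)
    return body + "." + hmac.new(key, body.encode(), hashlib.sha256).hexdigest()

def unseal(key, blob):
    body, _, tag = blob.rpartition(".")
    good = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, good):  # constant-time check before parsing
        raise ValueError("bad MAC")
    return json.loads(body)

class Affiliate:
    def __init__(self, name, key):
        self.name, self.key, self.enrolled, self.sessions = name, key, set(), set()

    def enroll(self, token):  # unpack token, answer with affiliated identity cookie
        t = unseal(self.key, token)
        if t["aud"] != self.name:
            raise ValueError("token issued for another domain")
        self.enrolled.add(t["user"])
        return seal(self.key, {"user": t["user"], "home": t["home"], "nonce": t["nonce"],
                               "indicator": "enrollment successful"})

    def access(self, user, home):  # vouch-for request/response, then local session
        if user not in self.enrolled:
            return False
        nonce = secrets.token_hex(8)
        request = seal(self.key, {"user": user, "nonce": nonce})
        reply = unseal(self.key, home.vouch(self.name, request))
        if reply["nonce"] == nonce and reply["user"] == user and reply.get("vouched"):
            self.sessions.add(user)
        return user in self.sessions

class Home:
    def __init__(self, name, members, authenticated):
        self.name, self.members, self.authenticated = name, members, authenticated

    def group_enroll(self, user, affiliates):  # every hop starts and ends at home
        cookie, status = {"user": user, "home": self.name, "ext": []}, {}
        for domain, key in self.members.items():
            nonce = secrets.token_hex(8)
            token = seal(key, {"user": user, "home": self.name, "aud": domain, "nonce": nonce})
            try:  # in a deployment both legs travel as browser redirects
                reply = unseal(key, affiliates[domain].enroll(token))
                ok = (reply["nonce"] == nonce and reply["user"] == user
                      and reply.get("indicator") == "enrollment successful")
            except ValueError:
                ok = False
            if ok:
                cookie["ext"].append(domain)  # accumulate an enrollment success symbol
            status[domain] = ok  # home reports the status of each attempt
        return cookie, status

    def vouch(self, domain, request):
        r = unseal(self.members[domain], request)
        return seal(self.members[domain], {"user": r["user"], "nonce": r["nonce"],
                                           "vouched": r["user"] in self.authenticated})

def demo():
    keys = {"shop.example": b"k-shop", "bank.example": b"k-bank"}  # constructed values
    sites = {"shop.example": Affiliate("shop.example", b"k-shop"),
             "bank.example": Affiliate("bank.example", b"stale-key")}  # key mismatch
    home = Home("home.example", keys, authenticated={"alice"})
    cookie, status = home.group_enroll("alice", sites)
    return cookie["ext"], status, sites["shop.example"].access("alice", home)
```

In `demo()` the affiliate holding a stale key fails enrollment, so only the other domain's symbol lands in the cookie's extensible data area and the home domain's status report records the failure.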



